Re: Real IP's
From: Todd Jones (jonest1_at_charter.net)
Date: 10/18/03
- In reply to: Rex: "Real IP's"
Date: Sat, 18 Oct 2003 04:58:37 -0500
I'm not sure if this is exactly what you are looking for, but it may be
what you want. Otherwise, you'll need to give further information, but
I'll give it a try.

First, I'm assuming you have servers (http, smtp) which serve incoming
connections from the internet. Therefore, I would place these servers
on a DMZ. How you configure your DMZ is up to you, but the two most
common methods are to do port forwarding onto some other network (not
internal and not internet), or to assign the actual IP addresses to the
boxes on the dmz and assign routes to each box. For this task, the most
common way to do this with hardware is with three network cards
(Internet, DMZ, LAN).

Iptables masquerades your lan traffic for you.

It sounds from your message below that you are considering port
forwarding to your lan. This is generally seen as a bad idea.

Todd Jones

Rex wrote:
> I'm re-doing our firewall at work and here's my situation.
>
> I'm running multiple servers with several different servers running
> duplicate services ie: http, smtp, etc.
>
> I'll be doing a iptables based firewall/router, my question is...
>
> 1. I can't use private ip's (192.168.0.x) and port forward, so how should I
> forward/masq my real ip's??
>
> 2. What tools work well ??
>
> Thanks
>
>
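
A sketch of the layout described in the reply above (three cards, real addresses routed to the DMZ hosts, only LAN traffic masqueraded), added here as an example and not part of either message. The interface names, the 203.0.113.x DMZ addresses and the per-host ports are assumptions; the function prints a ruleset in iptables-restore format.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses are assumed.
WAN_IF=eth0              # Internet card
DMZ_IF=eth1              # DMZ card
LAN_IF=eth2              # LAN card
LAN_NET=192.168.0.0/24   # private LAN range
# Constructed DMZ services, "real-address:tcp-port" (documentation range)
DMZ_SERVICES="203.0.113.2:80 203.0.113.3:80 203.0.113.4:25"

dmz_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that an earlier rule allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet to DMZ: one published service per real address, routed, no NAT
EOF
    for svc in $DMZ_SERVICES; do
        ip=${svc%%:*}      # text before the colon
        port=${svc##*:}    # text after the colon
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $DMZ_IF -d $ip -p tcp --dport $port -j ACCEPT"
    done
    cat <<EOF
# LAN may open connections to the Internet and to the DMZ
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -j ACCEPT
# No rule forwards new connections toward the LAN card; policy DROP covers it.
# Connections opened by DMZ hosts are also dropped until rules are added.
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only LAN sources are masqueraded; DMZ hosts keep their own addresses
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review
dmz_ruleset
```

The output can be checked with `iptables-restore --test` as root before loading it; the firewall also needs IP forwarding enabled, and the upstream router needs a route to the DMZ addresses via the firewall.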